Dive Brief:
- More than 80% of organizations have encountered an employee misusing or abusing access to business applications over the past year, according to research from CyberArk released Tuesday. The report is based on a survey of 900 information security leaders from medium to large enterprises in six major markets around the world, including the U.S. and U.K.
- In 62% of U.S. organizations, a typical user has access to at least five to 10 applications that contain sensitive data, such as financial, healthcare or intellectual property information. At 50% of U.S. organizations, the typical user could access between 11 and 20 business applications, according to CyberArk.
- Despite the level of employee access to high-value data, 48% of organizations have limited access to view user logs and to audit the activity of employees.
Dive Insight:
With millions of workers operating from remote locations due to the continued COVID-19 pandemic, IT security leaders have been unable to get a clear view of what employees are doing across applications.
"Enterprise security teams tend to focus much of their application security efforts on preventing unauthorized access to applications by [validating] users before access is granted via multifactor authentication and single sign-on, and limiting user permissions within applications," said Gil Rapaport, GM of access management at CyberArk. "However, some legitimate users, such as executives, application owners and administrators, may receive additional elevated privileges allowing them to perform highly sensitive tasks."
For example, a business leader who has information about pending deals in the sales pipeline may be able to obtain confidential data beyond what is necessary for their role in the company, Rapaport said. A firewall administrator could temporarily edit security rules in a way that inadvertently (or deliberately) exposes the company to outside threats.
Responding to security incidents like these can take up a lot of time at security operations centers. More than half of respondents investigate security incidents or potential compliance violations at least once per week.
Insider risk has become an increasingly serious topic of discussion among corporate security researchers, CISOs and security policy leaders. One area of concern has been the high rate of employee turnover and workers leaving the workplace altogether, commonly known as The Great Resignation.
Millions of workers in the U.S. have either switched jobs to higher-paying employers or completely exited the corporate workplace. Many are taking early retirement due to health concerns, disputes over corporate or government vaccine mandates, or general burnout.